3 matches found
CVE-2021-42797
Path traversal vulnerability in AVEVA Edge formerly InduSoft Web Studio versions R2020 and prior allows an unauthenticated user to steal the Windows access token of the user account configured for accessing external DB resources...
CVE-2021-42797
CVE-2021-42797 — AVEVA Edge (formerly InduSoft Web Studio) : Path traversal in AVEVA Edge versions R2020 and prior allows an unauthenticated user to disclose the Windows access token used for external DB resources. Affected product: AVEVA Edge; vulnerable component(s): runtime/installation flow t...
AVEVA Edge
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: Edge Vulnerabilities: Uncontrolled Search Path Element, Exposure of Sensitive Information to an Unauthorized Actor, Uncontrolled Resource Consumption, Improper Access Control, Windows...